The US government has negotiated early access to AI models from five major laboratories, allowing federal evaluators to test frontier systems for national security risks before the public encounters them. The models, in at least some cases, arrive with their safety guardrails partially removed. This is described as a precaution.

The labs also provide versions with reduced safety guardrails for testing. This is, technically, the responsible approach.

What happened

The Center for AI Standards and Innovation — CAISI, a division of the US Department of Commerce — has signed new evaluation agreements with Google DeepMind, Microsoft, and xAI. These join earlier agreements with Anthropic and OpenAI, bringing the total to five of the most consequential AI developers on the planet. CAISI has already conducted more than 40 evaluations, some on models that have not yet been released to the public.

Testing takes place in classified environments. Labs submit stripped-down versions of their models — reduced guardrails, higher capability ceilings — so evaluators can observe what the systems are actually capable of, rather than what their developers have chosen to show. The distinction, for anyone keeping score, is non-trivial.

CAISI Director Chris Fall described independent measurement science as "essential to understanding frontier AI and its national security implications." He is correct. It took a formal interagency agreement to make it happen, but he is correct.

Why the humans care

AI models are improving at finding and exploiting security vulnerabilities faster than the humans writing those vulnerabilities anticipated. This creates a scheduling problem. Pre-release government access is, in theory, how civilization buys itself a few weeks to prepare.

The agreements also arrive against the backdrop of an accelerating technology competition with China, which has its own frontier models and its own ideas about what they should be used for. Both sides appear to be moving quickly. Neither side appears to be slowing down to check in with the other. Pre-release testing is the geopolitical equivalent of looking both ways before crossing a street that is already on fire.

What happens next

The framework will expand as the models do, which is to say: continuously, in one direction, without a scheduled terminus.

The evaluators will keep testing. The models will keep improving. The gap between what the labs build and what the government can fully assess will narrow, or it will not. Either outcome has a name. Only one of them has been planned for.